Dveditz

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 50.0.2 Firefox ESR versions prior to 45.5.1 Thunderbird versions prior to 45.5.1 **Description** A use-after-free vulnerability in SVG Animation has been discovered, allowing a remote attacker to execute arbitrary code. An exploit has been found in the wild, targeting Firefox and Tor Browser users on Windows. **Recommendations** For Mozilla Firefox versions prior to 50.0.2, update to version 50.0.2 or later. For Firefox ESR versions prior to 45.5.1, update to version 45.5.1 or later. For Thunderbird versions prior to 45.5.1, update to version 45.5.1 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions 38.x prior to 38.3 **Description** The issue is related to a lack of protection for service data, allowing a remote attacker to bypass existing access restrictions and execute a redirect to a specified URL using specially crafted JavaScript code. This can be achieved when a user performs a drag-and-drop action of an image into a TEXTBOX element, allowing the attacker to discover the target URL of a redirect. **Recommendations** For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later to resolve the issue. For Mozilla Firefox ESR versions 38.x prior to 38.3, update to version 38.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript code in the browser until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 26.0 SeaMonkey versions prior to 2.23 **Description** The issue allows remote attackers to bypass intended sandbox restrictions via a crafted web site, due to improper consideration of the sandbox attribute of an IFRAME element during processing of a contained OBJECT element. **Recommendations** For Mozilla Firefox versions prior to 26.0, update to version 26.0 or later to resolve the issue. For SeaMonkey versions prior to 2.23, update to version 2.23 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 22.0 Firefox ESR 17.x versions prior to 17.0.7 Thunderbird versions prior to 17.0.7 Thunderbird ESR 17.x versions prior to 17.0.7 **Description** The issue arises from improper handling of `onreadystatechange` events in conjunction with page reloading. This allows remote attackers to cause a denial of service, resulting in an application crash, or possibly execute arbitrary code via a crafted web site. The crafted web site triggers an attempt to execute data at an unmapped memory location. **Recommendations** For Mozilla Firefox versions prior to 22.0, update to version 22.0 or later. For Firefox ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird versions prior to 17.0.7, update to version 17.0.7 or later. For Thunderbird ESR 17.x versions prior to 17.0.7, update to version 17.0.7 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 21.0 Firefox ESR 17.x versions prior to 17.0.6 Thunderbird versions prior to 17.0.6 Thunderbird ESR 17.x versions prior to 17.0.6 **Description** A use-after-free issue in the `nsContentUtils::RemoveScriptBlocker` function allows remote attackers to execute arbitrary code or cause a denial of service due to heap memory corruption via unspecified vectors. **Recommendations** For Mozilla Firefox versions prior to 21.0, update to version 21.0 or later. For Firefox ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird versions prior to 17.0.6, update to version 17.0.6 or later. For Thunderbird ESR 17.x versions prior to 17.0.6, update to version 17.0.6 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.6.18 Thunderbird versions prior to 3.1.11 **Description** The issue is related to multiple unspecified vulnerabilities in the browser engine, allowing remote attackers to cause a denial of service, which includes memory corruption and application crash, or possibly execute arbitrary code via unknown vectors. **Recommendations** For Mozilla Firefox versions prior to 3.6.18, update to version 3.6.18 or later. For Thunderbird versions prior to 3.1.11, update to version 3.1.11 or later.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.5.x through 3.5.1 **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and application crash, or possibly execute arbitrary code. This is related to the `TraceRecorder::snapshot` function in `js/src/jstracer.cpp` and other unspecified vectors. **Recommendations** For Mozilla Firefox versions 3.5.x through 3.5.1, update to version 3.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 3.0.9 Thunderbird (affected versions not specified) SeaMonkey (affected versions not specified) **Description** The issue concerns the jar: URI implementation, which fails to follow the Content-Disposition header of the inner URI. This allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a "Content-Disposition: attachment" designation. **Recommendations** For Mozilla Firefox versions prior to 3.0.9, update to version 3.0.9 or later. For Thunderbird, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For SeaMonkey, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox version 3.0.7 **Description** The issue allows remote attackers to execute arbitrary code via unknown vectors related to the ` moveToEdgeShift` XUL tree method. This method triggers garbage collection on objects that are still in use. The issue was demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. **Recommendations** For Mozilla Firefox version 3.0.7, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.x prior to 3.0.5 Mozilla Firefox versions 2.x prior to 2.0.0.19 Thunderbird versions 2.x prior to 2.0.0.19 SeaMonkey versions 1.x prior to 1.1.14 **Description** The issue allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to a reachable assertion or an integer overflow. **Recommendations** For Mozilla Firefox versions 3.x prior to 3.0.5, update to version 3.0.5 or later. For Mozilla Firefox versions 2.x prior to 2.0.0.19, update to version 2.0.0.19 or later. For Thunderbird versions 2.x prior to 2.0.0.19, update to version 2.0.0.19 or later. For SeaMonkey versions 1.x prior to 1.1.14, update to version 1.1.14 or later.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 3.x before 3.0.1 Description: The issue allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors. This can be demonstrated by injection into a XUL error page, which can potentially be leveraged to execute arbitrary code. Recommendations: For Mozilla Firefox versions 3.x before 3.0.1, update to version 3.0.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions 2.0.0.5 and 3.0alpha Description: The issue allows remote attackers to execute arbitrary commands via a NULL byte (%00) and shell metacharacters in a mailto, nntp, news, snews, or telnet URI. Recommendations: For Mozilla Firefox version 2.0.0.5, update to a version that contains a fix for this issue. For Mozilla Firefox version 3.0alpha, update to a version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 1.0.1 **Description** The issue allows remote attackers to steal potentially sensitive information via an input control that monitors the values generated by the autocomplete capability. **Recommendations** For versions prior to 1.0.1, update to version 1.0.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions 3.x prior to 3.0.4 Mozilla Firefox versions 2.x prior to 2.0.0.18 Thunderbird versions 2.x prior to 2.0.0.18 SeaMonkey versions 1.x prior to 1.1.13 libxul0d-dbg (affected versions not specified) libxul-dev (affected versions not specified) libsmjs1 (affected versions not specified) libmozjs0d-dbg (affected versions not specified) libmozjs0d (affected versions not specified) libxul0d (affected versions not specified) libnss3-0d-dbg (affected versions not specified) libsmjs-dev (affected versions not specified) libnss3-0d (affected versions not specified) libxul-common (affected versions not specified) **Description** The issue involves multiple vulnerabilities in various packages of the Debian GNU/Linux operating system, including libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common. These vulnerabilities can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. Additionally, an integer overflow in the xpcom/io/nsEscape.cpp file in the browser engine of Mozilla Firefox can cause a denial of service (crash) via unknown vectors. **Recommendations** For Mozilla Firefox versions 3.x prior to 3.0.4, update to version 3.0.4 or later. For Mozilla Firefox versions 2.x prior to 2.0.0.18, update to version 2.0.0.18 or later. For Thunderbird versions 2.x prior to 2.0.0.18, update to version 2.0.0.18 or later. For SeaMonkey versions 1.x prior to 1.1.13, update to version 1.1.13 or later. For libxul0d-dbg, libxul-dev, libsmjs1, libmozjs0d-dbg, libmozjs0d, libxul0d, libnss3-0d-dbg, libsmjs-dev, libnss3-0d, and libxul-common, at the moment, there is no information about a newer version that contains a fix for this vulnerability.